In patch to bug 202162 I made a mistake by changing the start offsets for
m_responseText.Find("CRAM-MD5", PR_TRUE, 8)
and
m_responseText.Find("EXTERNAL", PR_TRUE, 8)
That now leads to only recognize mechanisms CRAM-MD5 and EXTERNAL if they're not
the first one in the AUTH line.